Allan Dyer
(An edited version of this letter appeared in the South China Morning Post, page C2, 1 Match 2005)
People who point out that laws would be ineffective because 95% of the spam we receive comes from overseas are missing the damage that lack of legislation is inflicting on our economy. This is not merely, as John Tsang said in his speech, that our "online marketers" will have their efforts diluted when their messages are wrongly blocked as spam. Many email administrators are already blocking countries indiscriminately - I have seen a message advocating blocking of Hong Kong because it is "another spammy Asian country". Even more extreme, in a widely criticised move, the large US ISP Verizon recently blocked all email from many European and Asian countries.
We can imagine a local SME that invests in a booth at an overseas trade fair. They collect many namecards, and follow up by email, not realising that over-zealous spam filters are silently discarding many of the messages. The entire investment in the physical booth might be wasted because of failure in the virtual world.
To avoid this in future, we need legislation that will be effective at shutting down spammers operating from Hong Kong.
Mr. Tsang also mentioned existing statutory measures that can help control spammers, but he did not mention the difficulties in current legislation. For example, the Telecommunications Ordinance prohibits the blocking of messages - does this mean that an ISP could be prosecuted for blocking spam or viruses? OFTA and the ISPs routinely gloss over this difficulty, but it would be preferable to have legislation that makes sense. In this case, there should be clearly defined criteria for when a service provider is permitted (or maybe required) to block a message - probably including forging of the senders information, and content sent with malicious intent.
The idea of a local common blacklist may seem attractive, but what would its purpose be? If it is to control spam that is originated or relayed locally, surely the preferred course of action is to use the law to shut down the operator. If it is to identify overseas sources, then much wider cooperation is required, and the purpose would be better served by participation in the many international blacklist efforts. Besides, the ISPA has a poor track record for acting on their pronouncements - they published a Code of Practice on spam some years ago, but they have never even published the list of ISPs that agreed to it.
I am also disappointed that Mr Tsang describes the Penny Black project as "promising" - this would add an artificial additional processing cost to email that would have a disproportionate effect on those least able to cope - those using less-powerful (perhaps second-hand) hardware, thus widening the Digital Divide. It would have no effect on the worst spammers, because they use zombies and so are already stealing the resources to send their messages. They would quickly find methods to steal "stamps" too.
The "STEPS" campaign puts Statutory measures last, but Hong Kong is already behind many other countries, including the USA, Australia and the EU, which already have anti-spam legislation. Our only advantage is that we can benefit from their experience.